The 2020 pandemic has caused permanent disruption to business and critical user workflows. Most universities felt pain points during the pandemic as they worked to maintain productivity. In the post-pandemic world, most universities and staff expect remote work environments.

However, daily ransomware attacks are a reminder that while maintaining user productivity is important, ensuring security is paramount. Colonial Pipeline’s CEO told Congress that the attack occurred using a legacy Virtual Private Network (VPN) system that did not have multifactor authentication (MFA) in place. As hackers become more sophisticated and have increasing access to advanced computers, brute force attacks are becoming common, driving the higher education community to take an active approach to addressing ransomware and denial-of-service attacks.

In the last thirty days, educational organizations have been the target of more than 6.1 million malware attacks, while the second-most affected industry has only seen 900,000 attacks.

A Zero trust model to defend against ransomware and malware

Many organizations are in the process of implementing a zero trust approach to improve their security posture. Unlike traditional security, which assumes that every entity behind a firewall is safe, zero trust consists essentially of three principles: use least privileged access (LPA), verify explicitly, and assume a breach has occurred. Forrester Research popularized the term “zero trust.” This has in turn created a range of definitions of zero trust, requiring a level of standardization by recognized authorities such as NCSC and NIST.

Zero trust is an approach that transcends specific technologies and point solutions. A key takeaway is that existing approaches to remote work are fraught with security risks and IT leadership must make a departure from usual operations.

Challenges of Remote Access

In a paper entitled “Solving the Challenges of Modern Remote Access”, the Gartner group outlines a decision tree that helps an IT manager understand which technologies are most appropriate for specific use cases. In particular, Gartner recommends that IT managers provide a virtual desktop/DaaS for these use cases:

1. Users need access to highly sensitive or secure data.

2. Users are using devices that are not owned by the organization (BYOD).

If the end user’s device is owned by the organization, Gartner recommends that end users install an Endpoint Protection Platform (EPP) for PCs and Macs and a Mobile Threat Defense (MTD) for mobile devices. Further, Gartner recommends that admins remain aware that data is being stored on the end user’s device and take steps to mitigate the risk of those managed devices being on unmanaged networks.

Apporto believes IT admins will find a cloud desktop a more secure (witness the recent attack on software deployment vendor Kaseya) and simpler approach. A cloud desktop reduces the attack surface significantly by allowing all data to be kept inside a secured perimeter. No data needs to be shared onto an unmanaged device or to exit the organization on an unmanaged network. IT admins have control of data ingress and egress and can audit activity.

A More Secure Cloud Desktop: Always in the Browser

Whereas many DaaS and VDI companies deliver virtual desktops in a browser, these are often not recommended for many use cases (videoconferencing, graphical applications, etc.). Most DaaS and VDI companies strongly recommend that users install and use a client and that end users secure the endpoint, making sure the client is always up to date. In other words, a cloud desktop that uses a client expands the attack surface to the endpoint, and the IT team is back to managing and maintaining the endpoint’s security.

Apporto, on the other hand, is always delivered in the browser and does not rely on the endpoint being secured. Unlike VPN access, which grants the remote worker’s laptop access to the physical network and can therefore be an attack entry point that must be secured using ACLs, the Apporto desktop only allows the remote worker to interact with the delivered desktop via HTML events and messages, which provide a very limited attack surface. Essentially, the most critical aspect of securing an Apporto Desktop is utilizing strong user identity assurance that can be added to any SSO solution.

Multi-factor authentication:

Many legacy systems rely on Windows authentication, which is increasingly a high security risk as hackers become more adept at brute force attacks. Apporto always relies on SSO technologies and recommends that they be used in conjunction with MFA to ensure a high level of security for the desktops.

Least Privilege Access

A key rule of zero trust is to trust no one: users should be provided the least amount of privileges needed for their tasks. Apporto enables an admin to deliver:

1. a remote application in a browser with no access to the OS,
2. a desktop with no admin privileges, and/or
3. a desktop with admin privileges,

all from the same portal and based on the same infrastructure.

Further, Apporto provides a simple console enabling administrators to publish or hide applications or shared folders based on the user’s role/group affiliation. For instance, a user who is a member of the engineering team and does not need or have access to SAP would not see the SAP client on their desktop. Similarly, a user who does not need access to specific data would not even see the shared folder. This is achieved in Apporto through a feature called desktop variants.

One cloud desktop for all tasks:

Another historical problem with cloud desktops has been poor user experience. This is often the result of high network latency or misconfigured applications. Poor user experience is frustrating to users and leads many to use the managed cloud desktop for one set of applications and their unmanaged physical desktop for applications such as video conferencing or chat. This defeats the purpose of the managed cloud desktop since it’s often inevitable that end users will store some of the data on their physical desktop, e.g. uploading or downloading a file from a Teams chat.

Apporto addresses high network latency by utilizing a unique geo-optimizing technology. This means that Apporto can assure that an end user is always connected to the closest data center to ensure minimal network latency. Apporto’s network of data centers ensures that no user is ever further than 50ms from their cloud desktop. Research has shown that at a latency less than 50ms most people cannot distinguish between a local vs remote experience. In addition to our regional infrastructure, Apporto has implemented several additional technologies that enable the bridging of edge video and audio devices into the cloud desktop through the browser. These features allow users to remain on the cloud desktop for all their use cases – even for highly demanding applications such as video conferencing.

Conclusion:

Apporto has leveraged decades of experience to create a secure cloud desktop service. A key goal of the service is to minimize the attack surface; this is achieved by using a clientless virtual desktop, MFA, the principle of least privilege for apps and data, and visibility/control of all data ingress/egress. The service provides admins with a simple control plane that makes the task straightforward.

Enhancing Accessibility with Cloud Desktops

Overcoming Technological Barriers

Cloud desktops have become an increasingly popular tool in higher education for promoting diversity, equity, and inclusion. One of the main benefits of cloud desktops in this context is their ability to overcome technological barriers that may prevent some students from accessing educational materials. For example, students who do not have access to certain software on their personal devices can now access such software remotely using cloud desktops. This means that students who may not have the financial means to purchase expensive software can still engage with course materials on an equal footing with their peers. Similarly, students who may have disabilities that prevent them from using traditional desktop environments can now access academic resources using assistive technologies included in the cloud desktop environment. This includes screen readers, speech recognition software, and other tools that can help students with disabilities engage with course materials in a way that works for them.

Supporting Students with Disabilities

Cloud desktops also benefit students with disabilities by providing greater degrees of accessibility and flexibility. For example, students with visual impairments can enlarge text and adjust the color contrast of their screen to make it easier to read. Meanwhile, students with mobility impairments can use assistive technologies to control their computer cursor, making it easier for them to navigate course materials and complete assignments. Through these technologies, students with disabilities are better able to participate in course activities and fully engage with their academic work. This can help to level the playing field and ensure that all students have an equal opportunity to succeed in their studies.

Promoting Digital Literacy and Inclusivity

Cloud desktops also promote digital literacy and inclusivity more broadly. By providing access to course materials and software remotely, cloud desktops encourage students to take greater control over their own learning. This means that students are more self-sufficient and self-directed in their learning, which can promote greater engagement and retention of course materials. Furthermore, by providing equal access to educational resources, cloud desktops help to build a more inclusive learning environment. This can help to promote a sense of community and belonging among students from diverse backgrounds, which can have a positive impact on their overall academic experience. In conclusion, cloud desktops have the potential to be a powerful tool for promoting diversity, equity, and inclusion in higher education. By overcoming technological barriers, supporting students with disabilities, and promoting digital literacy and inclusivity, cloud desktops can help to create a more accessible and equitable learning environment for all students.

Fostering Collaboration and Engagement through Cloud Desktops

Virtual Learning Environments

Finally, cloud desktops foster collaboration and engagement among students and faculty. By enabling students to collaborate in real-time, cloud desktops facilitate active learning and deeper engagement with coursework. Additionally, cloud desktops can be used to create virtual learning environments that simulate traditional classroom settings, complete with real-time discussions and group activities.

Encouraging Cross-Cultural Collaboration

In addition to promoting collaboration among students and faculty, cloud desktops also facilitate cross-cultural collaboration. As institutions of higher education continue to diversify, it is increasingly important for students to engage with peers from different cultural backgrounds. Cloud desktops can help make such interactions possible by providing students with the means to collaborate across geographical and cultural divides.

Supporting Faculty in DEI Initiatives

Lastly, cloud desktops support faculty in their efforts to promote DEI in higher education. By providing greater accessibility and inclusivity, cloud desktops help faculty create more diverse and welcoming learning environments that account for the varying needs and experiences of all students.

Conclusion

Cloud desktops have proven instrumental in transforming diversity, equity, and inclusion in higher education. By providing students and faculty with access to educational resources and software remotely, cloud desktops offer greater flexibility, accessibility, and inclusivity. These benefits, in turn, are instrumental in promoting collaboration, engagement, self-reliance, and empowerment among students, and supporting faculty in their efforts to create inclusive learning environments. As higher education institutions continue to adapt to a rapidly diversifying student population, cloud desktops will remain an important tool in promoting DEI and transforming the educational experience for all learners.